强制 php 在 url 中传递 SID - 即使浏览器接受 cookie
我试图让 php 通过 url 自动传递会话 ID,即使浏览器接受 cookie。
我知道 url 会话 id 通常被认为是安全风险,但我有一个非常具体的应用程序,它需要多个单独的用户能够登录到同一个 php 会话,无论他们的浏览器有什么 cookie 设置。分享网址是我的目的,而不是威胁。
将会有多个用户“组”,每个组应该有一个唯一的共享会话,因此简单地在代码中应用固定的会话 ID 是行不通的。我希望该组的“所有者”能够启动会话,获取唯一的 ID,然后通过 url 将其传递给所有其他用户。
由于它是一个现有的应用程序,我无法进行会影响其他用户正常会话行为的修改 - 这是针对特定 IP 组中的用户 - 这就是我尝试修改标准会话处理的原因。
我尝试使用 ini_set() 来禁用 session.use_cookie,但这只是阻止会话被记住。
任何建议都非常感激。
I'm trying to get php to automatically pass the session ID via url, even if the browser accepts cookies.
I know url session id are normally considered a security risk, but I have a very specific application in mind which requires several separate users to be able to log in to the same php session, despite what cookie settings their browsers have. Sharing the url is my aim here, rather than a threat.
There will be several "groups" of users, each group should have a unique shared session, so simply applying a fixed session id in the code won't work. I want the "owner" of the group to be able to initiate the session, get a unique id, then pass this on to all the other users, via a url.
As it's an existing application, I can't make modifications that will affect the normal session behaviour for other users - this is for users in a specific group of IPs - which is why i'm trying to modify the standard session handling.
I've tried using ini_set() to disable session.use_cookie, but that simply prevents the session from being remembered at all.
Any suggestions gratefully received.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
![扫码二维码加入Web技术交流群](/public/img/jiaqun_03.jpg)
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您是否尝试启用 session.use_trans_sid ?
Have you try enabling session.use_trans_sid ?
设置
通过 ini_set() 或在 php.ini、.htaccess ...或任何您可以 更改配置设置的地方 。
另请参阅:
Set
via ini_set() or in the php.ini, .htaccess ...or where ever you can change the configuration settings.
see also: